[GRLUG] PCI v1.2 Compliance.
David Pembrook
david at pembrook.net
Thu Dec 11 12:55:05 EST 2008
On Thu, Dec 11, 2008 at 12:19 PM, Greg Folkert <greg at gregfolkert.net> wrote:
> [spip] [snip]
>
Any thoughts on handling credit card information the way ZenCart does?
Split the credit card number in half. Email part of it and store the
rest in the database. This way the only time the credit card number is
in one piece is in the running shopping cart and on the user's ssl
secured browser. A given here is the dedicated web server (not shared
hosting), email isn't stored on the same server or network and passwords
are secure. I'd like to address the process they choose to "secure" the
cc number from hacking.
Dave
More information about the grlug
mailing list